AOL4FREE No Hoax This Time, Says DOE

Like most netizens who've been online for more than a month, you probably diverted the recent torrent of email warnings about a virus called "AOL4FREE" to the trash. Good news/bad news time: The AOL4FREE virus is a hoax, but there's a different kind of destructive program called a Trojan horse - also named "AOL4FREE" - at large on the Net, and capable of wiping out your hard drive, says the Department of Energy in an alert posted to its site Thursday.

"We've been telling people that AOL4FREE is a hoax, but now it's real," William Orvis of the DOE's Computer Incident Advisory Capability team told Wired News. "The biggest problem for us is that we're going to have to make people understand the difference between the virus hoax and the Trojan reality."

The AOL4FREE Trojan horse, advises the CIAC bulletin, can arrive in your inbox as an attached file, or infect your system from a floppy disk that contains the program. Only DOS-based systems, like Windows, are vulnerable. Nothing happens until you double-click on the attachment or program to launch it - and then the trouble begins, as the Trojan horse infiltrates your root directory to execute a "DELTREE *.*" command, which wipes out all the files on your hard drive as a window pops up, telling you the files are being deleted. To add insult to injury, a message appears after your drive has been trashed, taunting, "YOUR COMPUTER HAS JUST BEEN FUCKED BY *VP* FUCK YOU AOL-LAMER."

If you accidentally execute the program and see the window pop up, CIAC advises, press Control-C immediately, which will allow some files to be recovered. Though the Trojan horse is only three lines of code - 993 bytes - it's devilishly effective. "It's trivially simple. My son could do it," says Orvis. Antivirus programs, Orvis adds, will not recognize the deadly Trojan horse.

Compounding the difficulty of alerting the public to the danger of the AOL4FREE Trojan horse, Orvis told Wired News, is the fact that there are millions of phony virus alerts circulating on the Net at any given time. The AOL4FREE virus, for instance, generated a flood of mail, but Orvis says, "We have never found anyone who was touched by it." To combat phony virus alerts, CIAC began posting bulletins to the Web because, Orvis explains, "the hoaxes are causing us far more trouble than any virus ever did."

Rob Rosenberger, who maintains the Computer Virus Myths homepage - one of the most comprehensive hoax-busting sites online - says he's been deluged with email since the CIAC alert was posted. "CIAC told the public what it needed to know," says Rosenberger, "but they didn't account for the 'Oh my God!' factor. But that's my job."

On his site, Rosenberger raises the possibility that someone created the Trojan horse specifically to discredit the antivirus community for dismissing the AOL4FREE virus mailings as a hoax. He stresses that it's attached files from sources unknown that are potentially dangerous - not email text. "Reading email with your eyeballs, your computer isn't going to get a virus," he says.

Rosenberger and Orvis point out that there's a built-in limiting factor with a Trojan horse like AOL4FREE. Once your hard drive is trashed, you don't even have a copy of the Trojan horse to pass on - unlike viruses, which hide, replicate, and spread.